{"id":693,"date":"2019-07-18T14:07:00","date_gmt":"2019-07-18T20:07:00","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=693"},"modified":"2019-09-25T13:59:15","modified_gmt":"2019-09-25T19:59:15","slug":"proxmox-5-configuracion-firewall","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=693","title":{"rendered":"PROXMOX 5: Configuraci\u00f3n Firewall"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Gu\u00eda: <a rel=\"noreferrer noopener\" aria-label=\"firewall-proxmox (abre en una nueva pesta\u00f1a)\" href=\"http:\/\/nihilanthlnxc.cubava.cu\/2015\/09\/04\/cortafuegos-de-proxmox-ve\/\ufeff\" target=\"_blank\">firewall-proxmox<\/a><\/li><li>Comandos:<\/li><li>Detener el firewall<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>pve-firewall stop<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Disabled fiewall<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>pve-firewall stop\nchmod u+w \/etc\/pve\/firewall\/cluster.fw\nnano \/etc\/pve\/firewall\/cluster.fw\n\ncambiar:\nenabled:1\nX\nenabled:0\n\n\npve-firewall start<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Ingresamos a Centro de datos-&gt;Firewall-&gt;opciones-&gt;Pol\u00edtica de Entrada<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"748\" height=\"517\" src=\"\/wp-content\/uploads\/2019\/07\/1-1.png\" alt=\"\" class=\"wp-image-694\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/1-1.png 748w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/1-1-300x207.png 300w\" sizes=\"(max-width: 748px) 100vw, 748px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Y la modificamos por aceptar para que no nos bloquee<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"376\" height=\"158\" src=\"\/wp-content\/uploads\/2019\/07\/2-1.png\" alt=\"\" class=\"wp-image-695\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/2-1.png 376w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/2-1-300x126.png 300w\" sizes=\"(max-width: 376px) 100vw, 376px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Lo primero que vamos hacer es crear \u00abGrupos de seguridad\u00bb donde vamos a establecer el primer grupo como una regla explicita para \u00abDENY-ALL\u00bb y a partir de ah\u00ed crearemos otros habilitando los diferentes puertos permitidos<\/li><li>Para esto ingresamos a \u00abCentro de Datos-&gt;firewall-&gt;Grupos de Seguridad-&gt;Crear\u00bb<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"670\" height=\"559\" src=\"\/wp-content\/uploads\/2019\/07\/3-1.png\" alt=\"\" class=\"wp-image-696\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/3-1.png 670w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/3-1-300x250.png 300w\" sizes=\"(max-width: 670px) 100vw, 670px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"323\" height=\"170\" src=\"\/wp-content\/uploads\/2019\/07\/4-1.png\" alt=\"\" class=\"wp-image-697\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/4-1.png 323w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/4-1-300x158.png 300w\" sizes=\"(max-width: 323px) 100vw, 323px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Con los datos:<ul><li>Nombre: gs_deny_all<\/li><li>Comentario: GS: Denegar todo<\/li><\/ul><\/li><li>Ahora dentro de las reglas le damos a\u00f1adir:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"807\" height=\"134\" src=\"\/wp-content\/uploads\/2019\/07\/6-1.png\" alt=\"\" class=\"wp-image-698\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/6-1.png 807w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/6-1-300x50.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/6-1-768x128.png 768w\" sizes=\"(max-width: 807px) 100vw, 807px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Completamos los datos:<ul><li>Direcci\u00f3n: in<\/li><li>Acci\u00f3n: DROP<\/li><li>Activado: NO<\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"626\" height=\"338\" src=\"\/wp-content\/uploads\/2019\/07\/7-1.png\" alt=\"\" class=\"wp-image-699\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/7-1.png 626w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/7-1-300x162.png 300w\" sizes=\"(max-width: 626px) 100vw, 626px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora para permitir la administraci\u00f3n de proxmox tanto pos ssh como web lo primero que creamos es un alias para la VLAN UGIT.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"480\" height=\"600\" src=\"\/wp-content\/uploads\/2019\/07\/8-1.png\" alt=\"\" class=\"wp-image-700\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/8-1.png 480w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/8-1-240x300.png 240w\" sizes=\"(max-width: 480px) 100vw, 480px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Y agregamos los datos de la VLAN SIUA-UGIT<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"334\" height=\"210\" src=\"\/wp-content\/uploads\/2019\/07\/9-1.png\" alt=\"\" class=\"wp-image-701\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/9-1.png 334w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/9-1-300x189.png 300w\" sizes=\"(max-width: 334px) 100vw, 334px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>De esta manera nos permite que si se cambia el rango de ip&#8217;s de una vlan UGIT solo cambiemos este rango en al alias y no en reglas.<\/li><li>Ahora vamos a crear una nuevo grupo de seguridad que le de accedo al alias \u00abSIUA-UGIT\u00bb<\/li><li>Con los datos:<ul><li>Nombre: gs_vlan_ugit<\/li><li>Comentario: GS:VLAN UGIT<\/li><\/ul><\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"318\" height=\"163\" src=\"\/wp-content\/uploads\/2019\/07\/10-1.png\" alt=\"\" class=\"wp-image-702\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/10-1.png 318w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/10-1-300x154.png 300w\" sizes=\"(max-width: 318px) 100vw, 318px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora a\u00f1adimos la regla:<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"342\" src=\"\/wp-content\/uploads\/2019\/07\/11-1.png\" alt=\"\" class=\"wp-image-703\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/11-1.png 618w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/11-1-300x166.png 300w\" sizes=\"(max-width: 618px) 100vw, 618px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora para la sincronizaci\u00f3n del cluster y funcionamiento de proxmox necesitamos tener habilitados los puertos:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Web interface: 8006\nVNC Web console: 5900-5999\nSPICE proxy: 3128\nsshd (used for cluster actions): 22\nrpcbind: 111\ncorosync multicast (if you run a cluster): 5404, 5405 UDP<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Primero vamos un alias para la red corosync 10.20.252.0\/24<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"971\" src=\"\/wp-content\/uploads\/2019\/07\/12-1.png\" alt=\"\" class=\"wp-image-704\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/12-1.png 1000w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/12-1-300x291.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/12-1-768x746.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"330\" height=\"203\" src=\"\/wp-content\/uploads\/2019\/07\/13-1.png\" alt=\"\" class=\"wp-image-705\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/13-1.png 330w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/13-1-300x185.png 300w\" sizes=\"(max-width: 330px) 100vw, 330px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Vamos a crear un nuevo grupo de seguridad<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"673\" height=\"561\" src=\"\/wp-content\/uploads\/2019\/07\/14-1.png\" alt=\"\" class=\"wp-image-706\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/14-1.png 673w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/14-1-300x250.png 300w\" sizes=\"(max-width: 673px) 100vw, 673px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Con los datos:<ul><li>Nombre: gs_ports_corosync<\/li><li>Comentario:GS: permite comunicaci\u00f3n de proxmox<\/li><\/ul><\/li><li>Ahora sobre este grupo creamos las reglas:<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"634\" height=\"352\" src=\"\/wp-content\/uploads\/2019\/07\/15-1.png\" alt=\"\" class=\"wp-image-707\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/15-1.png 634w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/15-1-300x167.png 300w\" sizes=\"(max-width: 634px) 100vw, 634px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"639\" height=\"348\" src=\"\/wp-content\/uploads\/2019\/07\/16-1.png\" alt=\"\" class=\"wp-image-708\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/16-1.png 639w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/16-1-300x163.png 300w\" sizes=\"(max-width: 639px) 100vw, 639px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"628\" height=\"340\" src=\"\/wp-content\/uploads\/2019\/07\/17-1.png\" alt=\"\" class=\"wp-image-709\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/17-1.png 628w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/17-1-300x162.png 300w\" sizes=\"(max-width: 628px) 100vw, 628px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"638\" height=\"344\" src=\"\/wp-content\/uploads\/2019\/07\/18-1.png\" alt=\"\" class=\"wp-image-710\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/18-1.png 638w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/18-1-300x162.png 300w\" sizes=\"(max-width: 638px) 100vw, 638px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"635\" height=\"349\" src=\"\/wp-content\/uploads\/2019\/07\/19-1.png\" alt=\"\" class=\"wp-image-711\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/19-1.png 635w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/19-1-300x165.png 300w\" sizes=\"(max-width: 635px) 100vw, 635px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"659\" height=\"345\" src=\"\/wp-content\/uploads\/2019\/07\/20-1.png\" alt=\"\" class=\"wp-image-712\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/20-1.png 659w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/20-1-300x157.png 300w\" sizes=\"(max-width: 659px) 100vw, 659px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Quedando de la siguiente manera<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"213\" src=\"\/wp-content\/uploads\/2019\/07\/21-1.png\" alt=\"\" class=\"wp-image-713\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/21-1.png 1000w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/21-1-300x64.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/21-1-768x164.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora vamos a crear una Alias para los servidores en la red interna<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"333\" height=\"215\" src=\"\/wp-content\/uploads\/2019\/07\/22-1.png\" alt=\"\" class=\"wp-image-714\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/22-1.png 333w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/22-1-300x194.png 300w\" sizes=\"(max-width: 333px) 100vw, 333px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Creamos un grupo de seguridad para los servidores<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"334\" height=\"186\" src=\"\/wp-content\/uploads\/2019\/07\/23-1.png\" alt=\"\" class=\"wp-image-715\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/23-1.png 334w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/23-1-300x167.png 300w\" sizes=\"(max-width: 334px) 100vw, 334px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Le agregamos una regla aceptando cualquier puerto<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"359\" src=\"\/wp-content\/uploads\/2019\/07\/24-1.png\" alt=\"\" class=\"wp-image-716\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/24-1.png 625w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/24-1-300x172.png 300w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora para conectar el freenas1 que contiene las images de discos y solo se debe ser accedido por los miembros del cluster vamos a crear un IPSet<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"390\" height=\"600\" src=\"\/wp-content\/uploads\/2019\/07\/25-1.png\" alt=\"\" class=\"wp-image-717\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/25-1.png 390w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/25-1-195x300.png 195w\" sizes=\"(max-width: 390px) 100vw, 390px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Con los datos<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"356\" height=\"196\" src=\"\/wp-content\/uploads\/2019\/07\/26-1.png\" alt=\"\" class=\"wp-image-718\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/26-1.png 356w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/26-1-300x165.png 300w\" sizes=\"(max-width: 356px) 100vw, 356px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Ingresamos las Ip&#8217;s<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"632\" height=\"180\" src=\"\/wp-content\/uploads\/2019\/07\/27-1.png\" alt=\"\" class=\"wp-image-719\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/27-1.png 632w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/27-1-300x85.png 300w\" sizes=\"(max-width: 632px) 100vw, 632px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"645\" height=\"185\" src=\"\/wp-content\/uploads\/2019\/07\/28.png\" alt=\"\" class=\"wp-image-720\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/28.png 645w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/28-300x86.png 300w\" sizes=\"(max-width: 645px) 100vw, 645px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"662\" height=\"182\" src=\"\/wp-content\/uploads\/2019\/07\/29.png\" alt=\"\" class=\"wp-image-722\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/29.png 662w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/29-300x82.png 300w\" sizes=\"(max-width: 662px) 100vw, 662px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"648\" height=\"192\" src=\"\/wp-content\/uploads\/2019\/07\/30.png\" alt=\"\" class=\"wp-image-723\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/30.png 648w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/30-300x89.png 300w\" sizes=\"(max-width: 648px) 100vw, 648px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"649\" height=\"199\" src=\"\/wp-content\/uploads\/2019\/07\/31.png\" alt=\"\" class=\"wp-image-724\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/31.png 649w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/31-300x92.png 300w\" sizes=\"(max-width: 649px) 100vw, 649px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Quedando as\u00ed:<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"437\" height=\"266\" src=\"\/wp-content\/uploads\/2019\/07\/32.png\" alt=\"\" class=\"wp-image-725\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/32.png 437w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/32-300x183.png 300w\" sizes=\"(max-width: 437px) 100vw, 437px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora creamos un grupo de seguridad para que hacer que el freenas1 se accepte en el cluster<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"355\" height=\"201\" src=\"\/wp-content\/uploads\/2019\/07\/33.png\" alt=\"\" class=\"wp-image-726\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/33.png 355w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/33-300x170.png 300w\" sizes=\"(max-width: 355px) 100vw, 355px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Con las reglas<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"660\" height=\"359\" src=\"\/wp-content\/uploads\/2019\/07\/34.png\" alt=\"\" class=\"wp-image-727\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/34.png 660w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/34-300x163.png 300w\" sizes=\"(max-width: 660px) 100vw, 660px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"681\" height=\"363\" src=\"\/wp-content\/uploads\/2019\/07\/35.png\" alt=\"\" class=\"wp-image-728\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/35.png 681w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/35-300x160.png 300w\" sizes=\"(max-width: 681px) 100vw, 681px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora podemos activar el firewall<\/li><li>Primero vamos a agregar los grupos de seguridad anteriormente creados<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"862\" src=\"\/wp-content\/uploads\/2019\/07\/36.png\" alt=\"\" class=\"wp-image-729\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/36.png 1000w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/36-300x259.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/36-768x662.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Agregamos TODAS las reglas para que no se bloquee el Cluster.<\/li><li>Si por alguna raz\u00f3n el cluster se cae, debe ingresa a cada nodo y ejecutar el comando<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>pve-firewall stop\no\n\/etc\/init.d\/pve-firewall stop<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"615\" height=\"234\" src=\"\/wp-content\/uploads\/2019\/07\/37.png\" alt=\"\" class=\"wp-image-730\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/37.png 615w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/37-300x114.png 300w\" sizes=\"(max-width: 615px) 100vw, 615px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"164\" src=\"\/wp-content\/uploads\/2019\/07\/38.png\" alt=\"\" class=\"wp-image-731\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/38.png 1000w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/38-300x49.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/38-768x126.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Habilitamos el firewall a \u00abS\u00ed\u00bb<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"778\" src=\"\/wp-content\/uploads\/2019\/07\/39.png\" alt=\"\" class=\"wp-image-732\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/39.png 1000w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/39-300x233.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/39-768x598.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora habilitamos la regla de Entrada \u00abDROP\u00bb<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"362\" height=\"168\" src=\"\/wp-content\/uploads\/2019\/07\/40.png\" alt=\"\" class=\"wp-image-733\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/40.png 362w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/40-300x139.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2019\/07\/40-360x168.png 360w\" sizes=\"(max-width: 362px) 100vw, 362px\" \/><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Configuraci\u00f3n fe firewall proxmox<\/p>\n","protected":false},"author":2,"featured_media":2001,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[168,12],"class_list":["post-693","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-proxmox","tag-firewall","tag-proxmox"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=693"}],"version-history":[{"count":1,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/693\/revisions"}],"predecessor-version":[{"id":734,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/693\/revisions\/734"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/media\/2001"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}